Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog – Page 2,548

Get the latest international news and world events from around the world.

Log in for authorized contributors

Google fixes one more Chrome zero-day exploited at Pwn2Own

Google has fixed another zero-day vulnerability in the Chrome browser, which was exploited by security researchers during the Pwn2Own hacking contest last month.

Tracked as CVE-2024–3159, this high-severity security flaw is caused by an out-of-bounds read weakness in the Chrome V8 JavaScript engine.

Remote attackers can exploit the vulnerability using crafted HTML pages to gain access to data beyond the memory buffer via heap corruption, which can provide them with sensitive information or trigger a crash.

Microsoft fixes Outlook security alerts bug caused by December updates

Microsoft has fixed an issue that triggers erroneous Outlook security alerts when opening. ICS calendar files after installing the December 2023 Outlook Desktop security updates.

The December Patch Tuesday security updates behind these inaccurate warnings patch the CVE-2023–35636 Microsoft Outlook information disclosure vulnerability, which attackers can exploit to steal NTLM hashes via maliciously crafted files.

These credentials are used to authenticate as the compromised Windows user in pass-the-hash attacks, to gain access to sensitive data or spread laterally on their network.